Merge pull request #70 from turbot/release/v0.4.1

Release/v0.4.1

CHANGELOG.md

@@ -1,3 +1,9 @@
+## v0.4.1 [2024-09-17]
+
+_Bug fixes_
+
+- Fixed `put_s3_bucket_encryption` pipeline to correctly encrypt an S3 bucket without returning an error. ([#68](https://github.com/turbot/flowpipe-mod-aws/pull/68)) (Thanks [@gcasilva](https://github.com/gcasilva) for the contribution!)
+
 ## v0.4.0 [2024-07-24]
 
 _What's new?_

pipelines/s3/put_s3_bucket_encryption.fp

@@ -18,13 +18,14 @@ pipeline "put_s3_bucket_encryption" {
     description = "The name of the S3 bucket."
   }
 
-  # TODO: AWS defaults to disabling default encryption if this isn't specified,
-  # but we require it to prevent accidentally disabling encryption. Should it be required?
+  # TODO: AWS defaults to enabling Amazon S3 managed keys (SSE-S3) server-side encryption if this isn't specified,
+  # you can chose "aws:kms" or "aws:kms:dsse" for server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS), or dual-layer server-side encryption with AWS KMS keys (DSSE-KMS) respectively.
   param "sse_algorithm" {
     type        = string
     description = "Server-side encryption algorithm to use for the default encryption."
   }
-
+
+  # Required if using "aws:kms" or "aws:kms:dsse" for parameter "sse_algorithm"
   param "kms_master_key_id" {
     type        = string
     description = "Amazon Web Services Key Management Service (KMS) customer Amazon Web Services KMS key ID to use for the default encryption."
@@ -55,7 +56,7 @@ pipeline "put_s3_bucket_encryption" {
     cmd = concat(
       ["s3api", "put-bucket-encryption"],
       ["--bucket", param.bucket],
-      ["--server-side-encryption-configuration", jsonencode(step.function.build_encryption_config.result)],
+      ["--server-side-encryption-configuration", jsonencode(step.function.build_encryption_config.response)],
     )
 
     env = merge(credential.aws[param.cred].env, { AWS_REGION = param.region })